Alexander H Deriziotis

How to configure a large-scale Samba PDC while redirecting only the client machines' My

Documents and Desktop at the server using logon scripts. Additionally, configuring user's

printers through logon scripts.

One thing I've found during my adventures as a network administrator, is that roaming profiles

are a good idea, but aren't actually that great an implementation. They're very cool if you've

got the money to buy identical machines, with identically cloned software and install identical

images of their hard-drives from the very start and if you've got the money to get some

advanced Microsoft Business Server to roll-out software upgrades automagically. But it's an

expensive solution, a very expensive solution, where most of the money goes to the software

companies rather than the little people offering support. Born out of the need to configure

networks for small businesses and charities with very little funding, I've realized that the best

solution is to forget the roaming profiles, and roam only the My Documents and Desktop

folders.

This essentially means, that a user's applications don't follow them around when they log on to

machines on the network, but any files stored on the Desktop or in their My Documents do.

This is useful because whenever I'm there, I can upgrade existing software on any machine I

feel like, depending on how much time I've got. I can replace certain machines on the network

without having to worry about inconsistent start menus and desktop settings. Each user logs on

to that machine and uses the resources of that machine, but can easily find their files (which

are incidentally being backed up consistently since they're stored on the server), even the

most un-savvy users can find their files if they're under My Documents!

However, one major workaround I've had to come up with while configuring Linux-based

Windows' PDCs is needed because Windows' Server group policy options and security policies

and all those GUI options that I don't really get are missing. In turn, anything you want done on

particular machines logging on to your PDC, must be done through logon scripts. This

document will explain how to configure the PDC and the user's logon scripts to redirect the

Desktop and My Documents folders and the scripts to connect the right machines to the right

printers.

Server: Red Hat Fedora Core 4 + Samba 3.0.14

Clients: Windows 2000/XP

Set up a regular Samba PDC. This involves mostly setting domain logons = yes in the smb.conf.

Set

in order to disable roaming profiles.

Configure the logon scripts.

To do this, uncomment the [netlogon] share, and put all scripts into the netlogon path.

logon script = logon.bat

Note. The logon script path is in relation to the netlogon path. So the actual script resides in

/home/netlogon/logon.bat.

# Create the My Documents folder if it doesn't exist

cd Z:

IF NOT EXIST "Z:\My Documents\." MD "Z:\My Documents"

# Update the registry to redirect the user's My Documents to the server

regedit /s \\pandora\netlogon\redirect.reg

regedit /s \\pandora\netlogon\redirect.reg

(Exported registry key for)

HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Personal = “Z:\My Documents”

I need to come up with a better script for this, something which is smaller and can be

copy/pasted in to a file from this page.

Add the following lines to the logon.bat to have it auto-connect to the desired printer.

rem Set printer for all machines in basement

IF %COMPUTERNAME% == CAVE100 rundll32 printui.dll,PrintUIEntry /y /in /n

/y means set it as default..

For each machine connected to the PDC, change the machine's registry setting to enable

running logon script synchronously (http://www.winguides.com/registry/display.php/141/).

NT\CurrentVersion\Winlogon]

Value must be 1 for logon script to change the registry before loading the My Documents

folder.

Log in as administrator on the local machine. Go to Tools, Folder Options. Click on Offline files

and disable.